linux router question

I have two networks, 192.168.1 and 192.168.2.

Between them sits a linux box, running iptables.  Actually it's a snapgear 530, but that shouldn't matter, it's just an embedded linux.

I want people on the two networks to be able to access machines on the other, but I don't know how to tell it to do this.
I don't want NAT, FULL access to everything... I'll then restrict stuff with IPTABLES.

I'm just not sure how to tell it to do this?

I do know I need to put a route command on my firewall to tell machines to back up and try the other router.
Thanks
LVL 1
bennybutlerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mds-cosCommented:
It is not just a matter of routing.  You need to configure the SnapGear with a second IP address so that it is "on" both network segments.

If the firewall is also providing access to the Internet through the untrust interface ("internet" on a SnapGear), you can set up a second IP address on the LAN interface.  Do this in Advanced IP Configuration from the IP Configuration screen.  You will also need to set up appropriate rules to allow traffic to pass between the two segments.

If the firewall is strictly being used for routing between the segments, you will probably already have the IP addresses set up for the two segments on your LAN and Internet ports.  From here it is a matter of configuring the rules / port forwarding to allow traffic to pass as you want it to.
0
mds-cosCommented:
P.S.  If the firewall is for routing (e.g. one segment on LAN and one on Internet), you would turn off NAT in the Advanced IP Configuration screen as well.
0
bennybutlerAuthor Commented:
Here's where I'm at.
Router is on both networks, 192.168.1.14/192.168.2.14
Gateway on 192.168.1.1 tells all machines to use 2.14 to get to 192.168.2 network.

It works great, any machine on 1 can get to any machine on 2.

Problem is, snapgear wants to play firewall, so anything on 2 wants to be NAT'd to get to 1.  I don't want or need NAT, I just want it to treat the 'internet' interface the same as it does the 'wan' interface.
0
bennybutlerAuthor Commented:
maybe I need to create a reverse of this:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
   12   720 EstabRelFwd  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    6   360 LanFwd     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 WanFwd     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
    0     0 DefDeny    all  --  *      *       0.0.0.0/0            0.0.0.0/
0
mds-cosCommented:
SnapGear it is a purpose built firewall appliance that uses embedded Linux.  So trying to get it to "forget" it is a firewall is not really a supported configuration.  But you should be able to do it.  Having said this, I will suggest that buying a cheap Linksys or Netgear router might work better for you.

I only have access to a SnapGear 550, so am having to assume that your interface is at least similar.  Can you turn off NAT in the Advanced IP Configuration as suggested above?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.